The $1.9 trillion American Rescue Plan will likely have a significant and positive impact on application modernization initiatives for agencies. The plan includes $1 billion into the Technology Modernization Act funding vehicle.
The Modernizing Government Technology Act (MGT Act) was signed into law in 2017 to provide agencies with funds they can apply to their IT modernization efforts, including those around cybersecurity. Agencies could apply for funding from the Technology Modernization Fund, which was designed to help them move on from legacy systems and invest in agile, transformative technologies.
Agencies have a tremendous opportunity to accelerate their application modernization initiatives, like the Department of Labor, which already received $9.6 million from the Technology Modernization Fund to update its enterprise data platform, less than a day after lawmakers put this historic plan in place.
With current legacy and monolithic applications impeding mission success for many agencies, including challenges with dated and complex federal network architecture and app development processes, poor digital experiences for citizens and government employees, and evolving security vulnerabilities, agencies have a whole host of challenges to solve. The following are my suggestions on where to focus app modernization efforts to best maximize impact on mission success.
While funding is typically the difficult part, deciding where to focus efforts is usually the next hurdle to overcome. The NIST Cybersecurity Framework guides agencies in the establishment of better risk management practices by taking a holistic lifecycle approach to risk management. Using the guidelines set forth by NIST, agencies continually assess and mitigate risk through five core functions: identify, protect, detect, respond, and recover. This framework is a useful tool as it affords organizations a standardized structure through which they can create highly adaptive security programs. It does this while providing flexibility so organizations can customize it to meet their unique needs while providing a common blueprint for managing risk and addressing vulnerabilities.
If the last year has shown us anything around cybersecurity, it's that it should be front-of-mind when we think about where to prioritize efforts. Both new and legacy systems were shown to be underserved in the last round of cybersecurity incidents. It’s telling that CISA itself will receive $650M for cybersecurity risk mitigation to safeguard the '.gov' networks alone. That does not, however translate to securing EVERY network and every application under the government’s umbrella.
Digital transformation has ushered in “new” and somewhat invisible technologies like API based transactions. While these APIs are invisible to our users and applications for the most part, they still fall prey to attack and misuse. Many agencies lack a way to manage APIs across their environments in a secure and scalable fashion. Investing in solutions to ensure APIs are deployed and managed securely should be a top priority.
Application vulnerabilities continue to be a common attack vector for attackers. As we know, software is made by humans and humans are not perfect. While vendors strive to produce flawless code, mistakes happen. The ability to react, defend, and secure is key, now more than ever. During this time of transformation, it can be difficult to maintain a foot in each pond to ensure legacy apps as well as next generation apps are protected. This can lead to tool sprawl and multiple points of reconciliation. Adopting tools which can not only automate application delivery, but also protect those applications no matter where they live, is incredibly important. The more places we need to check, the more likely we’ll miss something. Let’s focus on tools that allow us to automate and operate in any environment, any cloud, any ecosystem, and do it securely.
Finally, we’re reminded or maybe just re-acquainted with the fact that supply chain is critical. SUNBURST has shown that even organizations who are known for their ability to detect, secure, and defend are not impenetrable themselves—and that there are industry-wide opportunities to do a better job at securing infrastructures.
The American Rescue Plan provides agencies with a once-in-a-generation opportunity to leverage government support to improve IT services that will last for years. F5 can help you identify areas in need and prioritize your funds so you get the most value out of your allocation.